1 change: 1 addition & 0 deletions internal/start/start.go
Expand Up @@ -685,6 +685,7 @@ EOF
fmt.Sprintf("GOTRUE_EXTERNAL_%s_CLIENT_ID=%s", strings.ToUpper(name), config.ClientId),
fmt.Sprintf("GOTRUE_EXTERNAL_%s_SECRET=%s", strings.ToUpper(name), config.Secret.Value),
fmt.Sprintf("GOTRUE_EXTERNAL_%s_SKIP_NONCE_CHECK=%t", strings.ToUpper(name), config.SkipNonceCheck),
fmt.Sprintf("GOTRUE_EXTERNAL_%s_EMAIL_OPTIONAL=%t", strings.ToUpper(name), config.EmailOptional),
)

redirectUri := config.RedirectUri
37 changes: 37 additions & 0 deletions pkg/config/auth.go
Expand Up @@ -354,6 +354,7 @@ type (
Url string `toml:"url"`
RedirectUri string `toml:"redirect_uri"`
SkipNonceCheck bool `toml:"skip_nonce_check"`
EmailOptional bool `toml:"email_optional"`
}

solana struct {
Expand Down Expand Up @@ -952,6 +953,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
if len(p.Secret.SHA256) > 0 {
body.ExternalAppleSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalAppleEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["azure"]; ok {
Expand All @@ -961,6 +963,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
body.ExternalAzureSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalAzureUrl = nullable.NewNullableWithValue(p.Url)
body.ExternalAzureEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["bitbucket"]; ok {
Expand All @@ -969,6 +972,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
if len(p.Secret.SHA256) > 0 {
body.ExternalBitbucketSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalBitbucketEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["discord"]; ok {
Expand All @@ -977,6 +981,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
if len(p.Secret.SHA256) > 0 {
body.ExternalDiscordSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalDiscordEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["facebook"]; ok {
Expand All @@ -985,6 +990,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
if len(p.Secret.SHA256) > 0 {
body.ExternalFacebookSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalFacebookEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["figma"]; ok {
Expand All @@ -993,6 +999,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
if len(p.Secret.SHA256) > 0 {
body.ExternalFigmaSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalFigmaEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["github"]; ok {
Expand All @@ -1001,6 +1008,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
if len(p.Secret.SHA256) > 0 {
body.ExternalGithubSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalGithubEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["gitlab"]; ok {
Expand All @@ -1010,6 +1018,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
body.ExternalGitlabSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalGitlabUrl = nullable.NewNullableWithValue(p.Url)
body.ExternalGitlabEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["google"]; ok {
Expand All @@ -1019,6 +1028,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
body.ExternalGoogleSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalGoogleSkipNonceCheck = nullable.NewNullableWithValue(p.SkipNonceCheck)
body.ExternalGoogleEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["kakao"]; ok {
Expand All @@ -1027,6 +1037,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
if len(p.Secret.SHA256) > 0 {
body.ExternalKakaoSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalKakaoEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["keycloak"]; ok {
Expand All @@ -1036,6 +1047,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
body.ExternalKeycloakSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalKeycloakUrl = nullable.NewNullableWithValue(p.Url)
body.ExternalKeycloakEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["linkedin_oidc"]; ok {
Expand All @@ -1044,6 +1056,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
if len(p.Secret.SHA256) > 0 {
body.ExternalLinkedinOidcSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalLinkedinOidcEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["notion"]; ok {
Expand All @@ -1052,6 +1065,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
if len(p.Secret.SHA256) > 0 {
body.ExternalNotionSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalNotionEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["slack_oidc"]; ok {
Expand All @@ -1060,6 +1074,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
if len(p.Secret.SHA256) > 0 {
body.ExternalSlackOidcSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalSlackOidcEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["spotify"]; ok {
Expand All @@ -1068,6 +1083,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
if len(p.Secret.SHA256) > 0 {
body.ExternalSpotifySecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalSpotifyEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["twitch"]; ok {
Expand All @@ -1076,6 +1092,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
if len(p.Secret.SHA256) > 0 {
body.ExternalTwitchSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalTwitchEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["twitter"]; ok {
Expand All @@ -1084,6 +1101,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
if len(p.Secret.SHA256) > 0 {
body.ExternalTwitterSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalTwitterEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
if p, ok := e["workos"]; ok {
Expand All @@ -1101,6 +1119,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) {
if len(p.Secret.SHA256) > 0 {
body.ExternalZoomSecret = nullable.NewNullableWithValue(p.Secret.Value)
}
body.ExternalZoomEmailOptional = nullable.NewNullableWithValue(p.EmailOptional)
}
}
}
Expand All @@ -1119,6 +1138,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
if len(p.Secret.SHA256) > 0 {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalAppleSecret, "")
}
p.EmailOptional = ValOrDefault(remoteConfig.ExternalAppleEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalAppleEnabled, false)
e["apple"] = p
Expand All @@ -1131,6 +1151,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalAzureSecret, "")
}
p.Url = ValOrDefault(remoteConfig.ExternalAzureUrl, "")
p.EmailOptional = ValOrDefault(remoteConfig.ExternalAzureEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalAzureEnabled, false)
e["azure"] = p
Expand All @@ -1142,6 +1163,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
if len(p.Secret.SHA256) > 0 {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalBitbucketSecret, "")
}
p.EmailOptional = ValOrDefault(remoteConfig.ExternalBitbucketEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalBitbucketEnabled, false)
e["bitbucket"] = p
Expand All @@ -1153,6 +1175,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
if len(p.Secret.SHA256) > 0 {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalDiscordSecret, "")
}
p.EmailOptional = ValOrDefault(remoteConfig.ExternalDiscordEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalDiscordEnabled, false)
e["discord"] = p
Expand All @@ -1164,6 +1187,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
if len(p.Secret.SHA256) > 0 {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalFacebookSecret, "")
}
p.EmailOptional = ValOrDefault(remoteConfig.ExternalFacebookEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalFacebookEnabled, false)
e["facebook"] = p
Expand All @@ -1175,6 +1199,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
if len(p.Secret.SHA256) > 0 {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalFigmaSecret, "")
}
p.EmailOptional = ValOrDefault(remoteConfig.ExternalFigmaEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalFigmaEnabled, false)
e["figma"] = p
Expand All @@ -1186,6 +1211,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
if len(p.Secret.SHA256) > 0 {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalGithubSecret, "")
}
p.EmailOptional = ValOrDefault(remoteConfig.ExternalGithubEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalGithubEnabled, false)
e["github"] = p
Expand All @@ -1198,6 +1224,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalGitlabSecret, "")
}
p.Url = ValOrDefault(remoteConfig.ExternalGitlabUrl, "")
p.EmailOptional = ValOrDefault(remoteConfig.ExternalGitlabEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalGitlabEnabled, false)
e["gitlab"] = p
Expand All @@ -1213,6 +1240,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalGoogleSecret, "")
}
p.SkipNonceCheck = ValOrDefault(remoteConfig.ExternalGoogleSkipNonceCheck, false)
p.EmailOptional = ValOrDefault(remoteConfig.ExternalGoogleEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalGoogleEnabled, false)
e["google"] = p
Expand All @@ -1224,6 +1252,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
if len(p.Secret.SHA256) > 0 {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalKakaoSecret, "")
}
p.EmailOptional = ValOrDefault(remoteConfig.ExternalKakaoEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalKakaoEnabled, false)
e["kakao"] = p
Expand All @@ -1236,6 +1265,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalKeycloakSecret, "")
}
p.Url = ValOrDefault(remoteConfig.ExternalKeycloakUrl, "")
p.EmailOptional = ValOrDefault(remoteConfig.ExternalKeycloakEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalKeycloakEnabled, false)
e["keycloak"] = p
Expand All @@ -1247,6 +1277,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
if len(p.Secret.SHA256) > 0 {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalLinkedinOidcSecret, "")
}
p.EmailOptional = ValOrDefault(remoteConfig.ExternalLinkedinOidcEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalLinkedinOidcEnabled, false)
e["linkedin_oidc"] = p
Expand All @@ -1258,6 +1289,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
if len(p.Secret.SHA256) > 0 {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalNotionSecret, "")
}
p.EmailOptional = ValOrDefault(remoteConfig.ExternalNotionEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalNotionEnabled, false)
e["notion"] = p
Expand All @@ -1269,6 +1301,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
if len(p.Secret.SHA256) > 0 {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalSlackOidcSecret, "")
}
p.EmailOptional = ValOrDefault(remoteConfig.ExternalSlackOidcEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalSlackOidcEnabled, false)
e["slack_oidc"] = p
Expand All @@ -1280,6 +1313,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
if len(p.Secret.SHA256) > 0 {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalSpotifySecret, "")
}
p.EmailOptional = ValOrDefault(remoteConfig.ExternalSpotifyEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalSpotifyEnabled, false)
e["spotify"] = p
Expand All @@ -1291,6 +1325,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
if len(p.Secret.SHA256) > 0 {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalTwitchSecret, "")
}
p.EmailOptional = ValOrDefault(remoteConfig.ExternalTwitchEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalTwitchEnabled, false)
e["twitch"] = p
Expand All @@ -1302,6 +1337,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
if len(p.Secret.SHA256) > 0 {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalTwitterSecret, "")
}
p.EmailOptional = ValOrDefault(remoteConfig.ExternalTwitterEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalTwitterEnabled, false)
e["twitter"] = p
Expand All @@ -1325,6 +1361,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) {
if len(p.Secret.SHA256) > 0 {
p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalZoomSecret, "")
}
p.EmailOptional = ValOrDefault(remoteConfig.ExternalZoomEmailOptional, false)
}
p.Enabled = ValOrDefault(remoteConfig.ExternalZoomEnabled, false)
e["zoom"] = p
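Review bot: WorkOS is skipped by the new mapping in both directions: the `e["workos"]` block in `toAuthConfigBody` is collapsed with no added line, and `fromAuthConfig` shows additions for twitter and zoom but none in between, so `email_optional` set under a WorkOS provider table appears never to be sent to, or read back from, the remote config. The field sits on the struct that every provider entry seems to share, and internal/start/start.go appears to emit `GOTRUE_EXTERNAL_<NAME>_EMAIL_OPTIONAL` per provider name, so a local stack could accept email-less WorkOS sign-ins while the hosted project does not, with nothing telling the operator about the difference. If the API body has no such field for WorkOS, I would reject or warn on `email_optional = true` for that provider during config validation rather than drop it silently; otherwise add the two missing assignments. Both functions start and end outside the visible hunks, so this is read from the hunk headers and the addition count only.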
2 changes: 2 additions & 0 deletions pkg/config/templates/config.toml
Expand Up @@ -275,6 +275,8 @@ redirect_uri = ""
url = ""
# If enabled, the nonce check will be skipped. Required for local sign in with Google auth.
skip_nonce_check = false
# If enabled, it will allow the user to successfully authenticate when the provider does not return an email address.
email_optional = false

# Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard.
# You can configure "web3" rate limit in the [auth.rate_limit] section and set up [auth.captcha] if self-hosting.
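Review bot: The comment added above `email_optional = false` says what the switch permits but not what an operator takes on by turning it on. With it enabled, a sign-in can presumably complete with no email on the resulting user, so anything that keys identity, account linking or authorization rules on the email address has to cope with it being absent. I would add a second comment line such as `# Leave disabled unless your application handles users that have no email address.` The default of `false` keeps the stricter behaviour and should stay as it is; the provider table this setting belongs to starts outside the hunk.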
2 changes: 2 additions & 0 deletions pkg/config/testdata/config.toml
Expand Up @@ -285,6 +285,8 @@ secret = "env(AZURE_SECRET)"
url = "https://login.microsoftonline.com/tenant"
# If enabled, the nonce check will be skipped. Required for local sign in with Google auth.
skip_nonce_check = true
# If enabled, it will allow the user to successfully authenticate when the provider does not return an email address.
email_optional = true

# Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard.
# You can configure "web3" rate limit in the [auth.rate_limit] section and set up [auth.captcha] if self-hosting.